Documentation ¶
Overview ¶
crypto package provides methods to encrypt and decrypt data
crypto package provides methods to encrypt and decrypt data
Index ¶
- Constants
- type BlockCipher
- func (blockCipher *BlockCipher) DecryptWithAESGCM(cipherText []byte) (plainText []byte, err error)
- func (blockCipher *BlockCipher) EncryptWithAESGCM(plainText []byte) (cipherText []byte, err error)
- func (blockCipher *BlockCipher) GetCipherTextKey() (cipherTextKey []byte)
- func (blockCipher *BlockCipher) GetKMSKeyId() (kmsKey string)
- func (blockCipher *BlockCipher) UpdateEncryptionKey(log log.T, cipherTextBlob []byte, sessionId string, instanceId string) error
- type IBlockCipher
- type IKMSService
- type KMSService
Constants ¶
const KMSKeySizeInBytes int64 = 64
KMSKeySizeInBytes is the key size that is fetched from KMS. 64 bytes key is split into two halves. First half 32 bytes key is used by agent for encryption and second half 32 bytes by clients like cli/console
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BlockCipher ¶
type BlockCipher struct {
// contains filtered or unexported fields
}
func NewBlockCipher ¶
func NewBlockCipher(context context.T, kmsKeyId string) (blockCipher *BlockCipher, err error)
NewBlockCipher creates a new block cipher
func NewBlockCipherKMS ¶
func NewBlockCipherKMS(kmsKeyId string, kmsService IKMSService) (blockCipher *BlockCipher, err error)
NewBlockCipherKMS creates a new block cipher with a provided IKMService instance
func (*BlockCipher) DecryptWithAESGCM ¶
func (blockCipher *BlockCipher) DecryptWithAESGCM(cipherText []byte) (plainText []byte, err error)
DecryptWithGCM decrypts cipher text using AES block cipher GCM mode
func (*BlockCipher) EncryptWithAESGCM ¶
func (blockCipher *BlockCipher) EncryptWithAESGCM(plainText []byte) (cipherText []byte, err error)
EncryptWithGCM encrypts plain text using AES block cipher GCM mode
func (*BlockCipher) GetCipherTextKey ¶
func (blockCipher *BlockCipher) GetCipherTextKey() (cipherTextKey []byte)
GetCipherTextKey returns cipherTextKey from BlockCipher
func (*BlockCipher) GetKMSKeyId ¶
func (blockCipher *BlockCipher) GetKMSKeyId() (kmsKey string)
GetKMSKeyId returns kmsKeyId from BlockCipher
func (*BlockCipher) UpdateEncryptionKey ¶
func (blockCipher *BlockCipher) UpdateEncryptionKey(log log.T, cipherTextBlob []byte, sessionId string, instanceId string) error
UpdateEncryptionKey receives cipherTextBlob and calls kms::Decrypt to receive the encryption data key
type IBlockCipher ¶
type IBlockCipher interface { UpdateEncryptionKey(log log.T, cipherTextKey []byte, sessionId string, instanceId string) error EncryptWithAESGCM(plainText []byte) (cipherText []byte, err error) DecryptWithAESGCM(cipherText []byte) (plainText []byte, err error) GetCipherTextKey() (cipherTextKey []byte) GetKMSKeyId() (kmsKey string) }
type IKMSService ¶
type KMSService ¶
type KMSService struct {
// contains filtered or unexported fields
}
func NewKMSService ¶
func NewKMSService(context context.T) (kmsService *KMSService, err error)
NewKMSService creates a new KMSService instance